A recent Kaspersky survey has revealed that accidental data sharing by staff now produces a greater amount of lost data than software vulnerabilities.
According to the 2014 Global Corporate IT Security Risks survey conducted by Kaspersky Lab and B2B International, 27% of all businesses have lost sensitive business data due to internal IT threats in the past 12 months. However, the global data shows that for the first time since Kaspersky Lab began tracking these incidents with this survey in 2011, accidental data sharing by staff now produces a greater amount of lost data than software vulnerabilities. Both sources of data loss are most commonly found in businesses within the Utilities & Energy and Telecom business sectors.
According to the report, the most common internal threat is still software vulnerabilities, which were reported by an average of 36% of all businesses. Accidental data leaks by staff (reported by 29% of all businesses), and loss/theft of mobile devices by staff (26% of respondents noted it) are the second and third most-commonly reported internal threats. As the biggest sources of data loss from internal incidents 20% of all survey participants named software vulnerability incident, while 22% said about losing data from an accidental leak by staff and 19% reported leakage due to loss of mobile devices by employees. These figures suggest that businesses are slowly winning their struggle with software vulnerabilities, but data loss is growing in other areas of businesses. Other examples of internal threats that lead to data loss incidents include intentional data leaks from employees and security failures by a third-party supplier.
One of the most alarming trends uncovered by Kaspersky Lab’s investigation of internal threats is how often they occurred in businesses within infrastructure sectors. For example the Telecom companies reported by far the highest rate of accidental leaks and data sharing by staff, at 42%. The Utilities and Energy sector reported the second-highest rate of this threat, at 33%, with Manufacturing also having a high figure – 31%.
Software vulnerabilities encountered by companies within the past year were also reported by a high number of organisations from these sectors: by 40% of business in the Utilities & Energy sector, 36% in Transportation/Logistics and 35% in Telecom and Manufacturing sector.
Kaspersky Lab today offers a number of security technologies to control applications, close software vulnerabilities and maintain control over mobile devices, and offers unmatched insight into cyber-threats targeting industrial control systems. To protect the specific needs of manufacturing, industrial and critical infrastructure environments, Kaspersky Lab offers a custom-designed version of the company’s endpoint security software, created for manufacturing and industrial settings. Kaspersky Lab also provides the Kaspersky Industrial Protection Simulation to help organisations train for cyber-attacks that could affect the infrastructure of their facility.
To cope with internal security threats along with an effective security solution, such as Kaspersky Endpoint Security for Business and special solutions for industrial systems, organisations should have comprehensive security policies and effective staff education: employees should understand and follow security rules of the company.
* Follow Gadget on Twitter on @GadgetZA